name: govulncheck
on:
  push:
    paths:
      - go.sum
      - .github/workflows/govulncheck.yml
  pull_request:
    paths:
      - go.sum
      - .github/workflows/govulncheck.yml
  schedule:
    - cron: "0 0 * * *"

permissions: read-all

jobs:
  govulncheck:
    name: govulncheck
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # pin@v6.0.1
        with:
          persist-credentials: false
      - name: Add variables to environment file
        run: cat ".github/env" >> "$GITHUB_ENV"
      - name: Setup Go
        uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # pin@6.1.0
        with:
          go-version: '${{ env.GOLANG_VERSION }}'
          check-latest: true
      - name: govulncheck
        uses: golang/govulncheck-action@b625fbe08f3bccbe446d94fbf87fcc875a4f50ee # pin@1.0.4
        with:
          go-package: ./...